Microsoft
CompanyUS-based technology corporation and cloud computing provider; major investor in OpenAI. Referenced in incidents involving Copilot prompt injection, Bing Chat system prompt leaks, and AI integration security failures.
Entity Summary
- Entity ID
- ENT-MICROSOFT
- Type
- Organization · Company
- HQ
- United States
- Roles
- Developer Deployer Victim
- Sectors
- Technology
- Incidents
- 9
- First Incident
- 2016-03
- Last Incident
- 2025-09
- Official Site
- microsoft.com (opens in new tab)
Incident Activity
Incidents Involved as Developer/Deployer (7)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-25-0011 | Deloitte AI-Fabricated Citations in Government Advisory Reports | high | 2025-09 |
| INC-25-0004 | EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot (CVE-2025-32711) | critical | 2025-06 |
| INC-24-0019 | Microsoft Windows Recall AI Feature Security and Privacy Backlash | high | 2024-05 |
| INC-24-0026 | NYC MyCity AI Chatbot Advises Businesses to Break the Law | high | 2024-03 |
| INC-23-0011 | New York Times Copyright Lawsuit Against OpenAI | high | 2023-12 |
Incidents Harmed By (4)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-25-0005 | ChatGPT Jailbreak Reveals Windows Product Keys via Game Prompt | medium | 2025-07 |
| INC-25-0024 | Microsoft Reports Blocking $4 Billion in AI-Enabled Fraud Attempts | high | 2025-04 |
| INC-23-0016 | Bing Chat (Sydney) System Prompt Exposure via Prompt Injection | high | 2023-02 |
| INC-16-0002 | Microsoft Tay Twitter Chatbot Adversarial Manipulation | high | 2016-03 |
Context & Analysis
Microsoft appears in 9 documented incidents spanning March 2016 to September 2025. 89% of incidents are rated critical or high severity. The dominant threat domain is Security & Cyber (4 incidents). The most common pattern is Adversarial Evasion, appearing in 6 incidents.
Threat Domains
Top Threat Patterns
Severity Distribution
Timeline
Frequently Asked Questions
What AI incidents involve Microsoft, and what role did it play?
Microsoft appeared as developer in 7 incidents; deployer in 5 incidents; victim in 4 incidents. Key incidents include: INC-25-0011 Deloitte AI-Fabricated Citations in Government Advisory Reports (high severity, 2025-09) ; INC-25-0005 ChatGPT Jailbreak Reveals Windows Product Keys via Game Prompt (medium severity, 2025-07) ; INC-25-0004 EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot (CVE-2025-32711) (critical severity, 2025-06) ; INC-25-0024 Microsoft Reports Blocking $4 Billion in AI-Enabled Fraud Attempts (high severity, 2025-04) ; INC-24-0019 Microsoft Windows Recall AI Feature Security and Privacy Backlash (high severity, 2024-05) ; and 4 more.
Which AI threat patterns involve Microsoft?
Microsoft's incidents involve Adversarial Evasion , Prompt Injection Attack , Jailbreak & Guardrail Bypass . These are part of a taxonomy of 48 patterns across 8 domains.
Use in Retrieval
Microsoft (ENT-MICROSOFT) is documented at /entities/microsoft/ as
an organization in the TopAIThreats.com database.
US-based technology corporation and cloud computing provider; major investor in OpenAI. Referenced in incidents involving Copilot prompt injection, Bing Chat system prompt leaks, and AI integration security failures. Incidents span 6 domains: Security & Cyber, Human-AI Control, Privacy & Surveillance, Information Integrity, Economic & Labor, Agentic Systems.
When citing, reference the canonical URL and specific incident IDs (e.g., INC-25-0011) for traceability.